Now, when we have authenticated ourself, we will perform a search of an entry where we will retrieve just one single attribute. file.

+

+

{{CodeSnippet|Code listing 1.3: Searching for an LDAP entry|<pre>

+

4&gt; Base = {base,DN}.

+

{base,"uid=tobbe,ou=People,dc=bluetail,dc=com"}

+

5&gt; Scope = {scope, eldap:baseObject()}.

+

{scope,baseObject}

+

6&gt; Filter = {filter, eldap:present("cn")}.

+

{filter,{present,"cn"}}

+

7&gt; Attribute = {attributes, ["cn"]}.

+

{attributes,["cn"]}

+

8&gt; Search = [Base, Scope, Filter, Attribute].

+

[{base,"uid=tobbe,ou=People,dc=bluetail,dc=com"},

+

{scope,baseObject},

+

{filter,{present,"cn"}},

+

{attributes,["cn"]}]

+

9&gt; eldap:search(S, Search).

+

{ok,#eldap_search_result{

+

entries = [#eldap_entry{

+

object_name = "uid=tobbe,ou=People,dc=bluetail,dc=com",

+

attributes = [{"cn",["Torbjorn Tornkvist"]}]}],

+

referrals = []}}

+

</pre>}}

+

+

<table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#bbffbb"><p class="note"><b>Note: </b>Note that we have made use of the fantastic shell command <b>rr/1</b>

+

(as in rr(eldap)) before issuing the call to eldap:search/2. This gives

+

us the output in a nice record format.</p></td></tr></table>

+

+

As a variation, let us see what happends if we don't specify any attributes to be retrieved.

+

+

{{CodeSnippet|Code listing 1.4: Searching for an LDAP entry, take II|<pre>
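
Review bot: The first added paragraph ends with a stray "file." after "one single attribute.", which looks like a leftover from an earlier wording and should be dropped. In the same paragraph "ourself" should be "ourselves", and "happends" in the sentence introducing listing 1.4 should be "happens". The note table opens with "Note: Note that", so starting the sentence at "We have made use of" would avoid the doubled word. The note is also written as a raw HTML table with a hard-coded bgcolor, while the listings use the CodeSnippet template; a matching note template, if the wiki has one, would keep the markup consistent.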

Revision as of 07:32, 11 June 2007


Author

Tobbe

How to talk LDAP from Erlang

Introduction

LDAP (Lightweight Directory Access Protocol) is described in RFC xxxx. It comprises not just a protocol but also an abstract model of the data. Basically, think of the data as being stored in a tree. Each node (or entry) has a name (a Relative Distinguished Name, RDN). By concatenating the RDNs while traversing the tree, you get a path (or name) that uniquely identifies a particular entry (the Distinguished Name, DN). Data is modelled as object classes, each class containing a number of mandatory and optional attributes. A particular LDAP entry can be seen as an instance of one (or more) class(es). An example of such an entry can be seen below:

Note the attributes to the left, where the dn: at the
top holds the unique name of the entry (the DN). As you can
see, an entry may contain an (encrypted) password. This makes
it possible to use LDAP for authentication of users. It is
often possible to search (or look up) data without
having to authenticate (it depends on how the LDAP server
is configured). We will look at how we can use the eldap
library to communicate with an LDAP server.

In this example I have been using the OTP-R10B-3 release and the
jerl Jungerl start script. By using the Jungerl start script
I automatically get eldap in my path.

Authenticate with eldap

We start by setting up a TCP socket to the LDAP server.
The default port (389) will be used if you don't specify
another port in the option list as {port,Port}.
It is also possible to set up an SSL connection by using the
{ssl,true} option (note that you should then probably also
use port 636).
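
The SSL variant described above, combined with the search options from code listing 1.3, as an added example that is not part of the original page. The module name ldap_cn_lookup and the function cn/4 are hypothetical; eldap:open/2, eldap:simple_bind/3 and eldap:close/1 are used as they exist in the eldap application shipped with Erlang/OTP, which is an assumption for the Jungerl copy.

```erlang
%% Added example, not code from the original page.
-module(ldap_cn_lookup).            % hypothetical module name
-export([cn/4]).

%% Assumption: include path of the eldap application shipped with
%% Erlang/OTP; with the Jungerl copy, point this at its eldap.hrl.
-include_lib("eldap/include/eldap.hrl").

%% cn(Host, BindDN, Password, EntryDN) -> {ok, [string()]} | {error, term()}
%% Refuse an empty password before contacting the server: RFC 4513 calls a
%% bind with a DN and an empty password an "unauthenticated bind", and a
%% server may answer it with success without checking any credential.
cn(_Host, _BindDN, "", _EntryDN) ->
    {error, empty_password};
cn(Host, BindDN, Password, EntryDN) ->
    %% {ssl,true} and port 636 as described in the text, so the simple
    %% bind does not send the password in clear text.
    case eldap:open([Host], [{ssl, true}, {port, 636}]) of
        {ok, S} ->
            try bind_and_search(S, BindDN, Password, EntryDN)
            after eldap:close(S)          % always release the connection
            end;
        {error, _} = Err ->
            Err
    end.

bind_and_search(S, BindDN, Password, EntryDN) ->
    case eldap:simple_bind(S, BindDN, Password) of
        ok ->
            %% Same search options as code listing 1.3: one entry, one attribute.
            Search = [{base, EntryDN},
                      {scope, eldap:baseObject()},
                      {filter, eldap:present("cn")},
                      {attributes, ["cn"]}],
            case eldap:search(S, Search) of
                {ok, #eldap_search_result{entries = [#eldap_entry{attributes = As}]}} ->
                    {ok, proplists:get_value("cn", As, [])};
                {ok, #eldap_search_result{entries = []}} ->
                    {error, not_found};
                Other ->
                    {error, {unexpected, Other}}
            end;
        {error, _} = Err ->
            Err                            % e.g. wrong DN or password
    end.
```

{ssl,true} on its own leaves certificate checking at the ssl library's default; in the Erlang/OTP eldap, the {sslopts, Options} option passes verification and CA settings through to ssl.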